ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Yyds.Auto

v1.0.0

Control Android devices via MCP — tap, swipe, OCR, screenshot, UI automation, shell, file management, and AI agent orchestration for Android RPA.

0· 74·0 current·0 all-time
by@chenanzong
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Android RPA via MCP) match what the skill asks for: node and adb binaries, YYDS_DEVICE_HOST/PORT, and an npm MCP server package. Requested binaries and env vars are appropriate for connecting to an Android engine over network/ADB.
Instruction Scope
SKILL.md instructs the agent to install/run the yyds-auto-mcp npm server, set up ADB port forwarding, and drive many device actions including screenshots, UI dumps, file ops, and running shell commands with ROOT/SHELL privileges. These actions are consistent with RPA but are highly sensitive (IMEI, foreground app, filesystem access, elevated shell). There is no instruction to exfiltrate data to unexpected external endpoints, but the skill can access and transmit sensitive device data to the MCP client.
Install Mechanism
The install uses an npm package (yyds-auto-mcp) and creates a binary. Installing from npm is a common pattern but carries moderate risk because code will be fetched and executed from the registry. No direct downloads from arbitrary URLs are declared.
Credentials
Only YYDS_DEVICE_HOST and YYDS_DEVICE_PORT are required (primaryEnv is the host). These are proportional to the stated purpose. The SKILL.md also documents optional envs (device serial, adb path) but does not require unrelated cloud credentials or secrets.
Persistence & Privilege
always:false (not force-included). The skill allows the agent to run an MCP server process that can perform privileged operations on connected devices (including root shell). Autonomous invocation is allowed by default (platform default) — combined with device-level privileges this increases blast radius if you install an untrusted package.
Assessment
This skill appears to be what it says (an Android RPA MCP client) but it grants powerful, sensitive capabilities on devices (root/shell access, IMEI and filesystem reads, app control). Before installing: 1) Verify the npm package publisher and inspect the package source (or install in a controlled environment) — npm packages can execute arbitrary code. 2) Only connect devices you trust and be aware that the skill can read device identifiers and files. 3) Prefer using a non-root device or limit device access if possible; do not connect production devices with sensitive data unless you fully trust the package. 4) When adding to editor/agent configs, avoid using npx -y if you want to prevent implicit network installs; install the package explicitly and pin a specific version. 5) If you need higher assurance, request the package's source repo or a signed release and audit the code before granting device access.

Like a lobster shell, security has layers — review code before you run it.

latestvk974sr5snxqq057b7p4p0dkfhs83jf16

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📱 Clawdis
OSWindows · macOS · Linux
Binsnode
Any binadb
EnvYYDS_DEVICE_HOST, YYDS_DEVICE_PORT
Primary envYYDS_DEVICE_HOST

Install

Node
Bins: yyds-auto-mcp
npm i -g yyds-auto-mcp

Comments